cybergrandsandbox writeup Defcon prequal

Defcon prequal is over; the team finished at rank 29th with 23 pts. Cybergrandsandbox was an exploitation challenge. It's a CGC binary that implements a postfix notation calculator. When given input to calculate, it allocates a 0x2000 block, generates JIT code inside it and jumps to it. This code evaluates the input and leaves the result in eax.

The approach to exploit it:

The shellcode we build requires only the receive and transmit functions from libcgc. We only need to receive from file descriptor 3, which is created by the python launcher and is the flag fd. We then use transmit to send the content of the flag to the socket.

Exploit:

Proxied content from gemini://0x80.org/gemlog/2015-05-18-cybergrandsandbox-writeup-defcon-prequal.gmi.